← volver
CVE-2021-24959

WP Email Users <= 1.7.6 - Subscriber+ SQL Injection

EPSS 2.2%CWE-89
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
Productos afectados
Unknown · WP Email Users

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/0471d2e2-e759-468f-becd-0b062f00b435